Highlighted
Andrei Stefanescu
New Member.
88 views

PAM database commands

Hello, 

I'm trying to block specific database commands. I have the DB connector setup. I can see in the report the commands. What should i do in order to block a specific command (ie: DROP *) ? I added a rule "if command in block_list" authorize no but the command still works. Any help would be appreciated. 

 

Thank you.

0 Likes
1 Reply
Micro Focus Expert
Micro Focus Expert

Re: PAM database commands

This is called "Command Risk" in PAM. Command usage can trigger Auto Disconnect and/or Auto Block of the user. Details can be found below:

https://www.netiq.com/documentation/privileged-account-manager-36/npam_admin/data/bjfzqbk.html#cc_command_risk

For "DROP *", I might add a command here with regex to capture the lowercase entry of it:
=~/drop.*/i

Try setting the Risk level high (0-9), then check the keystroke report of a user's session using the command and notice the audit is marked with an associated risk color.

 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.